Cyfirma researchers have discovered new Android malware, called FireScam, which is distributed through a fake "Message to the Premium" app. The app was published on a website that passes itself off as RuStore, the app store launched in Russia by VKontakte in 2022. The cybercriminals' goal is to steal sensitive data from the user's smartphone. Google recommends enabling Play Protect.
FireScam is an infostealer and spyware
Cyfirma found the APK file of the fake "Message to the Premium" app on a site hosted on GitHub (a public github.io domain). The site resembles RuStore, an alternative store to the Google Play Store that was introduced in Russia in May 2022, after the Western sanctions.
The store is fake, and the file GetAppsRu.apk is downloaded from it. This is a dropper that requests various permissions, including access to the list of installed applications and to storage. It then installs the Message to the Premium.apk file, which requests additional permissions.
When the app is opened, the usual Message login screen appears. The data entered by the unsuspecting victim is sent immediately to a Firebase Realtime Database. A WebSocket connection is also opened to a Firebase C2 endpoint, so that commands can be executed in real time.
FireScam can monitor screen activity and every transaction on e-commerce pages, and capture data on the system. It can also access the clipboard, messages, and notifications. It also looks for credentials copied from a password manager. The malware thus combines the functionality of an infostealer and spyware.
Google has confirmed that the fake app is not available on the Play Store. The Mountain View company recommends enabling Play Protect, which also blocks applications downloaded from other sources.